Healthcare in the cloud – slow to start, but a good fit

Posted by in Analysis on May 4, 2011

I came across an article this morning about cloud that got me thinking… I’ll refrain from linking to it because I don’t suggest you read it, but it did get me thinking – in particular about the intersection of institutional healthcare, security, and cloud.

Think about the challenges facing a typical hospital or health system nowadays:

  • Large legacy application footprint – potentially hundreds of specialized clinical applications, supply-chain applications, scheduling applications, financial applications
  • Lean IT – relatively small IT staff population and (generally) reduced budget for specialized resources like security.  Food for thought here: the one place where I have never encountered a dedicated application security resource is at a health system or hospital; arguably the exact place where they’re needed the most (because of their varied application footprint and tremendous reliance on those applications)
  • Variable Resource Usage – not every application operates at peak load all the time in healthcare.  This is true in other industries of course, but particularly so here.  Resource demand ebbs and flows on the clinical side according to occupancy, resource consumption varies on the financial side according to established patterns (end of quarter, audit cycle, etc.)
  • Regulatory Oversight – unlike many verticals, it’s heavily regulated environment under federal law
  • Datacenter issues - you know where is a terrible place to put a data center?  A hospital campus.  Seriously, it is.  It’s a huge, open, mostly-public space; thousands of anonymous people come and go all hours of the day and night. But yet, where do most hospitals have their data centers, amirite?  Usually, they’re problematic from a physical access perspective, problematic from a DR perspective, and problematic from an environmental perspective.

All of these factors tie directly in to – and are potentially strengths of – cloud.  So it surprises me that we don’t see more migration of HIT to cloud environments.  Now, don’t get me wrong, I’m not saying you should wake up tomorrow and decide to move something like your PACS to the cloud.  But Lawson?  Compliance360?  STAR?  SoftLab?  Allscripts?  Why not?

On the technical side, it makes sense.  Under HITECH, your business associates (i.e. cloud providers) are also regulated under HIPAA Security, so they’ll need to meet the same bar as you from a security standpoint.  In general, we’ve seen slow adoption in this space, but I think it just makes too much sense for that limited adoption to continue.   I’m expecting an explosion of activity in this regard over the next few years.

Image Source: geekwithfamily.com

Search